var-201401-0517
Vulnerability from variot
Tor before 0.2.4.20, when OpenSSL 1.x is used in conjunction with a certain HardwareAccel setting on Intel Sandy Bridge and Ivy Bridge platforms, does not properly generate random numbers for (1) relay identity keys and (2) hidden-service identity keys, which might make it easier for remote attackers to bypass cryptographic protection mechanisms via unspecified vectors. Tor (The Onion Router) is an implementation of the second generation onion routing, which is mainly used to access the Internet anonymously. There are security holes in Tor. An attacker could use this vulnerability to bypass security restrictions. There are vulnerabilities in Tor 0.2.4.19. Other versions may also be affected. This may aid in further attacks.
Update to version 0.2.4.22 solves these major and security problems:
-
Block authority signing keys that were used on authorities vulnerable to the heartbleed bug in OpenSSL (CVE-2014-0160).
-
Fix a memory leak that could occur if a microdescriptor parse fails during the tokenizing step.
-
The relay ciphersuite list is now generated automatically based on uniform criteria, and includes all OpenSSL ciphersuites with acceptable strength and forward secrecy.
-
Relays now trust themselves to have a better view than clients of which TLS ciphersuites are better than others.
-
Clients now try to advertise the same list of ciphersuites as Firefox 28.
For other changes see the upstream change log
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7295 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160 http://advisories.mageia.org/MGASA-2014-0059.html http://advisories.mageia.org/MGASA-2014-0256.html
Updated Packages:
Mandriva Business Server 1/X86_64: 77035fd2ff3c6df5effbaf9ee78bdaf4 mbs1/x86_64/tor-0.2.4.22-1.mbs1.x86_64.rpm cccaec1a8425ebfce0bb7d8057d38d6e mbs1/SRPMS/tor-0.2.4.22-1.mbs1.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/support/security/advisories/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
iD8DBQFTmDAPmqjQ0CJFipgRAqq4AJ9ZIEn/fqUynENotuSA2kTLnKwpJgCgkh59 ssWQCdn4l3H2KyxX+IQBsxw= =fSis -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201401-0517",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "tor",
"scope": "eq",
"trust": 1.6,
"vendor": "torproject",
"version": "0.2.4.9"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.6,
"vendor": "torproject",
"version": "0.2.4.10"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.6,
"vendor": "torproject",
"version": "0.2.4.6"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.6,
"vendor": "torproject",
"version": "0.2.4.1"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.6,
"vendor": "torproject",
"version": "0.2.4.4"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.6,
"vendor": "torproject",
"version": "0.2.4.3"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.6,
"vendor": "torproject",
"version": "0.2.4.8"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.6,
"vendor": "torproject",
"version": "0.2.4.2"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.6,
"vendor": "torproject",
"version": "0.2.4.5"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.6,
"vendor": "torproject",
"version": "0.2.4.7"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "torproject",
"version": "0.2.4.16"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "torproject",
"version": "0.2.4.17"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "torproject",
"version": "0.2.4.15"
},
{
"model": "tor",
"scope": "lte",
"trust": 1.0,
"vendor": "torproject",
"version": "0.2.4.19"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "torproject",
"version": "0.2.4.13"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "torproject",
"version": "0.2.4.18"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "torproject",
"version": "0.2.4.14"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "torproject",
"version": "0.2.4.12"
},
{
"model": "tor",
"scope": "eq",
"trust": 1.0,
"vendor": "torproject",
"version": "0.2.4.11"
},
{
"model": "tor",
"scope": "lt",
"trust": 0.8,
"vendor": "the tor",
"version": "0.2.4.20"
},
{
"model": "tor",
"scope": "eq",
"trust": 0.6,
"vendor": "tor",
"version": "0.2.4.19"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00091"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005865"
},
{
"db": "NVD",
"id": "CVE-2013-7295"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-371"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:torproject:tor:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "0.2.4.19",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:torproject:tor:0.2.4.18:rc:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:torproject:tor:0.2.4.10:alpha:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:torproject:tor:0.2.4.9:alpha:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:torproject:tor:0.2.4.2:alpha:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:torproject:tor:0.2.4.1:alpha:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:torproject:tor:0.2.4.17:rc:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:torproject:tor:0.2.4.16:rc:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:torproject:tor:0.2.4.15:rc:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:torproject:tor:0.2.4.8:alpha:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:torproject:tor:0.2.4.7:alpha:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:torproject:tor:0.2.4.14:alpha:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:torproject:tor:0.2.4.13:alpha:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:torproject:tor:0.2.4.6:alpha:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:torproject:tor:0.2.4.5:alpha:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:torproject:tor:0.2.4.12:alpha:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:torproject:tor:0.2.4.11:alpha:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:torproject:tor:0.2.4.4:alpha:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:torproject:tor:0.2.4.3:alpha:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2013-7295"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "64651"
}
],
"trust": 0.3
},
"cve": "CVE-2013-7295",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 4.9,
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "High",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2013-7295",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2014-00091",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2013-7295",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2014-00091",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201401-371",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00091"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005865"
},
{
"db": "NVD",
"id": "CVE-2013-7295"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-371"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Tor before 0.2.4.20, when OpenSSL 1.x is used in conjunction with a certain HardwareAccel setting on Intel Sandy Bridge and Ivy Bridge platforms, does not properly generate random numbers for (1) relay identity keys and (2) hidden-service identity keys, which might make it easier for remote attackers to bypass cryptographic protection mechanisms via unspecified vectors. Tor (The Onion Router) is an implementation of the second generation onion routing, which is mainly used to access the Internet anonymously. \nThere are security holes in Tor. An attacker could use this vulnerability to bypass security restrictions. There are vulnerabilities in Tor 0.2.4.19. Other versions may also be affected. This may aid in further attacks. \n \n Update to version 0.2.4.22 solves these major and security problems:\n \n - Block authority signing keys that were used on authorities vulnerable\n to the heartbleed bug in OpenSSL (CVE-2014-0160). \n \n - Fix a memory leak that could occur if a microdescriptor parse fails\n during the tokenizing step. \n \n - The relay ciphersuite list is now generated automatically based on\n uniform criteria, and includes all OpenSSL ciphersuites with acceptable\n strength and forward secrecy. \n \n - Relays now trust themselves to have a better view than clients of\n which TLS ciphersuites are better than others. \n \n - Clients now try to advertise the same list of ciphersuites as\n Firefox 28. \n \n For other changes see the upstream change log\n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7295\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160\n http://advisories.mageia.org/MGASA-2014-0059.html\n http://advisories.mageia.org/MGASA-2014-0256.html\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Business Server 1/X86_64:\n 77035fd2ff3c6df5effbaf9ee78bdaf4 mbs1/x86_64/tor-0.2.4.22-1.mbs1.x86_64.rpm \n cccaec1a8425ebfce0bb7d8057d38d6e mbs1/SRPMS/tor-0.2.4.22-1.mbs1.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/en/support/security/advisories/\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.12 (GNU/Linux)\n\niD8DBQFTmDAPmqjQ0CJFipgRAqq4AJ9ZIEn/fqUynENotuSA2kTLnKwpJgCgkh59\nssWQCdn4l3H2KyxX+IQBsxw=\n=fSis\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-7295"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005865"
},
{
"db": "CNVD",
"id": "CNVD-2014-00091"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-078"
},
{
"db": "BID",
"id": "64651"
},
{
"db": "PACKETSTORM",
"id": "127069"
}
],
"trust": 3.06
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-7295",
"trust": 2.8
},
{
"db": "BID",
"id": "64651",
"trust": 1.5
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005865",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2014-00091",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201401-078",
"trust": 0.6
},
{
"db": "MLIST",
"id": "[TOR-TALK] 20131223 TOR 0.2.4.20 IS RELEASED",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201401-371",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "127069",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00091"
},
{
"db": "BID",
"id": "64651"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005865"
},
{
"db": "PACKETSTORM",
"id": "127069"
},
{
"db": "NVD",
"id": "CVE-2013-7295"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-078"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-371"
}
]
},
"id": "VAR-201401-0517",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00091"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00091"
}
]
},
"last_update_date": "2023-12-18T11:42:58.144000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "[tor-talk] Tor 0.2.4.20 is released",
"trust": 0.8,
"url": "https://lists.torproject.org/pipermail/tor-talk/2013-december/031483.html"
},
{
"title": "Tor random number generation vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/42181"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00091"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005865"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-310",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-005865"
},
{
"db": "NVD",
"id": "CVE-2013-7295"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://lists.torproject.org/pipermail/tor-talk/2013-december/031483.html"
},
{
"trust": 1.2,
"url": "http://www.securityfocus.com/bid/64651"
},
{
"trust": 1.0,
"url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00095.html"
},
{
"trust": 0.9,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-7295"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-7295"
},
{
"trust": 0.3,
"url": "https://www.torproject.org/index.html.en"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-7295"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0160"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/en/support/security/"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/en/support/security/advisories/"
},
{
"trust": 0.1,
"url": "http://advisories.mageia.org/mgasa-2014-0059.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0160"
},
{
"trust": 0.1,
"url": "http://advisories.mageia.org/mgasa-2014-0256.html"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00091"
},
{
"db": "BID",
"id": "64651"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005865"
},
{
"db": "PACKETSTORM",
"id": "127069"
},
{
"db": "NVD",
"id": "CVE-2013-7295"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-078"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-371"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2014-00091"
},
{
"db": "BID",
"id": "64651"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005865"
},
{
"db": "PACKETSTORM",
"id": "127069"
},
{
"db": "NVD",
"id": "CVE-2013-7295"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-078"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-371"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-01-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-00091"
},
{
"date": "2013-12-23T00:00:00",
"db": "BID",
"id": "64651"
},
{
"date": "2014-01-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-005865"
},
{
"date": "2014-06-12T13:43:49",
"db": "PACKETSTORM",
"id": "127069"
},
{
"date": "2014-01-17T21:55:14.613000",
"db": "NVD",
"id": "CVE-2013-7295"
},
{
"date": "2013-12-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201401-078"
},
{
"date": "2014-01-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201401-371"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-01-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-00091"
},
{
"date": "2014-06-11T19:35:00",
"db": "BID",
"id": "64651"
},
{
"date": "2014-01-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-005865"
},
{
"date": "2014-02-12T04:50:11.530000",
"db": "NVD",
"id": "CVE-2013-7295"
},
{
"date": "2014-01-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201401-078"
},
{
"date": "2014-01-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201401-371"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "64651"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-078"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Tor Vulnerability bypasses cryptographic protection mechanisms",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-005865"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201401-371"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.